40 lines
1.7 KiB
Markdown
40 lines
1.7 KiB
Markdown
# Security Policy
|
|
|
|
## Reporting Security Issues
|
|
|
|
We take the security of our project seriously. If you believe you have found a security vulnerability, please report it to us privately. **Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
|
|
|
|
> **Important Note**: Any code within the `classic/` folder is considered legacy, unsupported, and out of scope for security reports. We will not address security vulnerabilities in this deprecated code.
|
|
|
|
Instead, please report them via:
|
|
- [GitHub Security Advisory](https://github.com/dataelement/bisheng/security/advisories/new)
|
|
<!--- [Huntr.dev](https://huntr.com/repos/significant-gravitas/autogpt) - where you may be eligible for a bounty-->
|
|
|
|
### Reporting Process
|
|
1. **Submit Report**: Use one of the above channels to submit your report
|
|
2. **Response Time**: Our team will acknowledge receipt of your report within 14 business days.
|
|
3. **Collaboration**: We will collaborate with you to understand and validate the issue
|
|
4. **Resolution**: We will work on a fix and coordinate the release process
|
|
|
|
|
|
### Disclosure Policy
|
|
- Please provide detailed reports with reproducible steps
|
|
- Include the version/commit hash where you discovered the vulnerability
|
|
- Allow us a 90-day security fix window before any public disclosure
|
|
- Share any potential mitigations or workarounds if known
|
|
|
|
## Supported Versions
|
|
Only the following versions are eligible for security updates:
|
|
|
|
| Version | Supported |
|
|
|---------|-----------|
|
|
| Latest release on master branch | ✅ |
|
|
| Development commits (pre-master) | ✅ |
|
|
| Classic folder (deprecated) | ❌ |
|
|
| All other versions | ❌ |
|
|
|
|
|
|
|
|
---
|
|
Last updated: November 2024
|